Month: January 2017

"Western Union Co, the world’s biggest money-transfer company, agreed to pay $586 million and admitted to turning a blind eye as criminals used its service for money laundering and fraud, U.S. authorities said on Thursday.

Western Union, which has over half a million locations in more than 200 countries, admitted "to aiding and abetting wire fraud" by allowing scammers to process transactions, even when the company realized its agents were helping scammers avoid detection, the U.S. Department of Justice and the Federal Trade Commission said in statements.

With the help of Western Union agents, Chinese immigrants used the service to send hundreds of millions of dollars to pay human smugglers, wiring the money in smaller increments to avoid federal reporting requirements, U.S. authorities said.

Fraudsters offering fake prizes and job opportunities swindled tens of thousands of U.S. consumers, giving Western Union agents a cut in return for processing the payments, authorities said.

Between 2004 and 2012, the Colorado-based company knew of fraudulent transactions but failed to take steps that would have resulted in disciplining of 2,000 agents, authorities said.

"Western Union is now paying the price for placing profits ahead of its own customers," said Acting Assistant Attorney General David Bitkower.

A Western Union spokesman said that the company didn’t "do as much as it should have" to oversee its agents between 2004 and 2012 but is committed to improving its procedures.

Western Union, which helped clients move over $150 billion in 2015, said in a press release that more than one-fifth of its work force is currently devoted to compliance. It also said consumer fraud accounts for less than one-tenth of 1 percent of consumer-to-consumer transactions."

"The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts – and more complicated patterns are the easiest to crack, security experts reveal.

Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 per cent of Android device owners.

In order to access a device’s functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked.

New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software.

By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy café for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner’s fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.

The attack works even without the video footage being able to see any of the on-screen content, and regardless of the size of the screen. Results are accurate on video recorded on a mobile phone from up to two and a half metres away – and so attacks are more covert than shoulder-surfing. It also works reliably with footage recorded on a digital SLR camera at distances up to nine metres away.

Researchers evaluated the attack using 120 unique patterns collected from independent users. They were able to crack more than 95 per cent of patterns within five attempts."

"A lot of people are more privacy aware than they have been in the past, and are wary of entrusting everything they search for to Google.

That’s where privacy-focused sites like DuckDuckGo come in. Its growth since it launched 8 years ago has been nothing short of staggering, with the number of searches skyrocketing since 2013, when Edward Snowden first revealed how the US government was spying on its people.

The search site says it has to date served up over 10 billion anonymous searches, with 4 billion of those occurring in the last year alone, and the company says it is growing faster than ever."

"This is how he’s going to chip away at our understanding of what’s right and what’s wrong, what’s real and what’s not. This is even stronger, more powerful gas lighting — making us question our own instincts and even start doing things because we want to fit in with “everyone else” who from what we know, seem to think this is all fine.

Trump wants a cheering section at all his press conferences and if you don’t realize that those are not the reporters clapping, it will seriously fuck with you.

The media needs to take a cue from one of Trump’s own complaints during the campaign: show us the crowd. Let us see who is clapping, and who is not. Otherwise we’re all going to start feeling like we’re going crazy, even more so than we already are."

"Last March, HP printer owners got an automated "security update." After running this update, HP customers would not have detected any outward changes their printers’ behavior. But inside, the affected HP printers were secretly counting down to September, when the printers suddenly began rejecting ink cartridges with third-party "security chips" — if you had opted to save 90% or more on your printer ink by buying unofficial cartridges, you were left in possession of a bunch of useless plastic and ink. In some cases, HP customers assumed their printers had packed in and threw them away.

After thousands of customers for third-party cartridges complained online, the story began to come into focus, and it became obvious that HP had deliberately installed time-delayed self-destruct code on its customers’ property to punish them for failing to order their affairs in the way that was most profitable to HP. I wrote an open letter to HP CEO Dion Weisler on behalf of the Electronic Frontier Foundation and more than 10,000 people signed on (the number is now 15,000).

(I’m a special consultant to EFF, which is a charitable nonprofit that stands up for privacy, security, fairness and free speech in technology)

The ensuing press-storm prompted HP to issue its nonpology, a misleading document whose absurdity I will now discuss, with some assistance from various former HP employees — including one 18-year HP printer division veteran — who contacted me on condition of anonymity in order to help me translate the document from HP-ese to English.

HP starts by saying that it only blocked cartridges with "cloned third-party chips" but that "third party cartridges with original HP security chips continue to function properly." HP’s "security chips" are on-board computers with many functions, including recording the ink-level in your cartridges. When a cartridge is empty, the chip registers this fact, and even if you refill the cartridge, it will not work, unless you find another a used chip from someone else’s cartridge and swap it in. In theory, you could also swap in one of HP’s original chips, but HP doesn’t sell those. So in practice, most refilled and third-party cartridges have "cloned chips" in them, from massive printer supply companies like Apex and Static Control, while others buy used chips of unknown quality from recyclers.

In reality, what HP is saying, "We block all third-party cartridges, and unless you know the trick, we also block original HP cartridges if you refill them.""

"Trump launched his campaign in front of an "audience" of actors paid $50/each to wear campaign shirts and cheer wildly, and he’s brought his paid cheering section with him into the presidency, bringing along staffers to applaud at key moments during his press conferences and other appearances.

The practice has its origin in ancient Rome, where the Emperor Nero deployed his own crowds, called "Augustiani," to cheer at his indifferent poetry and lyre playing. It was revived in 17th and 18th century opera circles, where "claques" were used to "huzzah or hiss their favorite performers."

The claque died out in the 19th century, but everything old is new again, and Trump has revived claques as an integral part of his governing strategy. It’s a sharp move: if you can’t see who’s applauding, you might assume that when Trump draws cheers for damning CNN as "fake news" that the press corps is cheering him on.

"The wonderful new movie Hidden Figures (based on a book by Margot Lee Shetterly) tells the story of three black women who were crucial to the success of NASA’s Apollo missions in the 1960s. And now NASA is celebrating the many black women who play a crucial role in the space program today. In a series of videos, women like systems engineer Julie Williams-Byrd, project manager Antja Chambers, and astronaut Jeanette Epps discuss their work with NASA and how the women of Hidden Figures inspired them."